CUNA, World Council discuss EU data protection regulation

May 30, 2018

CUNA hosted a webinar Wednesday on the European Union’s (EU) General Data Protection Regulation (GDPR), which became effective May 25. Lance Noggle, CUNA senior director of advocacy for payments and cybersecurity, presented, along with Andy Price, World Council's regulatory counsel, and Hal Scoggins of Farleigh, Wada and Witt.

The speakers discussed the regulation, which purports to apply to companies anywhere in the world with customers or members living in the EU.

These regulations could potentially apply to American entities that process the personal data of EU residents when offering them goods and services. The term “offering” is determined on a case-by-case basis.

While there is no express civil enforcement mechanism in the GDPR itself, international law will govern the enforcement of any civil penalty. The Federal Trade Commission indicated in the adequacy determination that it will use Unfair and Deceptive Practices to enforce penalties, but there is no rule expressly mandating compliance with the GDPR. Therefore, how, if at all, these provisions will be enforced against US credit unions will be determined over time.

Key compliance requirements under the GDPR include:

Business accountability measures that include data protection officers, record maintenance requirements, privacy impact assessments, privacy by design and default for all data collection systems, privacy policies, controller and processor responsibilities, restrictions on transfers to third countries, proof of compliance and mandatory appointment of a data protection officer in certain circumstances;

Requiring notification of a data breach to a supervisory authority within 72 hours (subject to conditions) and notification to affected data subjects without undue delay (with certain exceptions);

Demonstration of consent in a clear, intelligible manner, with the right to withdraw consent by the data subject. Existing consents may not be valid;

Defined consumer rights that include disclosure of data collection, right to access to records and purpose of data collection, right to restrict processing, right to rectification and erasure, right to data portability, right to lodge a complaint, right to legal remedies, right to object to profiling and penalties for violations.

CUNA members can view a recorded version of the webinar, available for free, here.
